Welcome to Compliance Dictionary

This website exists to help you and everyone in the compliance space clearly define terms, and then leverage those terms in communicating shared compliance needs.

What's the difference between a third party, a related party, an outside party, and an external party? Do you know? We aren't going to give you the answer in this paragraph, because the answer is here, in the ComplianceDictionary website. Some of those terms are non-standard terms. Its important to know which ones. Look them up here and you'll find out which is which!

What's the definition of cybersecurity? Go ahead and scribble down your answer! Do you know why we asked you to do that? While giving a speech to banking regulators in Washington DC, the UCF team challenged 23 regulatory drafters working on new banking CyberSecurity audit guidelines to a) spell CyberSecurity and b) write down their definition of CyberSecurity. We got all three spellings back (cyber security, CyberSecurity, cyber-security). Three guesses (and the first two don't count) on how wildly different definitions there were – yep. Twenty four (one guy wasn't quite sure and gave me two very different definitions). When you are ready, search for the term and see how far off your answer is with what we have online.

What if you need a quick way to find out all of the Common Controls that have to deal with a third party (and all of the variant ways of saying that term)? There is no other dictionary on the planet that allows you to search for associated Common Controls, or even Citations from Authority Documents, other than this ComplianceDictionary website!


What defines a non-standard term?

A non-standard term is either a spelling variation of an existing term precedent or an unconventional, "off-the-wall" term or phrase.

Non-standard terms do not have their own definitions or a hierarchy. They do have other forms.

Why should I log in?

Logging in with your CCH account allows for unlimited searches of the Compliance Dictionary.

What is a preferred term?

A preferred term is used for mandate writing purposes and is used by writers in place of a synonym.

Why do definitions have words like "group" or "role definition" in their type instead of just nouns, verbs, etc.?

The UCF has developed additional named entities specific to auditing called UCF Elements. Each of the elements can be used as evidence in the auditing process.

A service or thing owned by an organization or person that falls under the purview of an Authority Document's controls either because of its value or its configuration properties. Information technology assets are the combination of logical and physical components and resources and are grouped into the specific classes (Operating System [includes drivers], Application [includes drivers], Storage, Hardware, Network, Power or Air, and Facility [including containers]).
Authority Document
Statutes, regulations, directives, principles, standards, guidelines, best practices, policies, and procedures
A compliance document within an organization, such as a checklist, framework, plan, policy, standard, procedure, or template
Configurable Item
A part of an asset specifically called out during the audit process
Configuration Setting
A modifiable element within a Configurable Item that can affect performance and system function
Data Contents
A field within a record
A division within an organization or a formation of individuals outside an organization
An organized body of people with a particular purpose, especially a business, society, association, etc.
Organizational Function
The high level administrative departments of an organization
Organizational Task
An individual process or task and organization performs
Record Category
A class, grouping, or set of records
Record Example
An individual record within a Record Category
A word or phrase that represents the function an individual, process, organization, etc. is supposed to achieve
A name that describes someone's position or job
Triggering Event
A unique activity within a given process or state that causes an event or situation to happen
A word or phrase that presents a system of measurement and analysis
What is an "other form"?

Other Forms are the possessive, plural, and conjugated forms of the Dictionary Term.

What are the different types of relationships a term can have?

The relationships within the Unified Compliance Framework® are Parent-Child relationships. For us, this means the way you view any given relationship between two terms determines which term is the Parent and which is the Child. Synonym and antonym relationships are the exceptions to this rule; no matter which way you look at two terms the relationship stays the sam

Our Relationship Types are broken into two main categories: Linguistic and Content.


Linguistic Parent and Linguistic Child
Linguistic Parent
Terms that are linguistically broader than the focus term, including origins of terms
Linguistic Child
Terms that are linguistically narrower than the focus term, including derivatives


Terms that mean exactly or almost the same thing as the focus term
Terms that mean the opposite as the focus term
Category For and Type of
Category For
A term of which the focus term is a kind of
Type of
Terms that are kinds or examples of the focus term
Includes and Part of
Terms the focus term is an element of
Part of
Terms whose definitions are an element of the focus term
Used to Create and Is Created by
Used to Create
A term that is a template for or used to create the focus term
Is Created by
A term that comes from or is generated by the focus term
Is Referenced by and References
Is Referenced by
A term that mentions or references the focus term
A term that the focus term mentions or sites
Used to Enforce and Is Enforced by
Used to Enforce
A term that the focus term uses to happen or cause compliance
Is Enforced by
A term that uses the focus term to happen or cause compliance
Can I navigate the term hierarchy? How?

Yes, to see information about any of the terms in the hierarchy, simply click on the name of the term you wish to view. This will take you to the Compliance Dictionary page for the term you selected.

What is a Common Control?

Common Controls are the specific steps or actions contained within a compliance mandate that must be met to fulfill a compliance requirement. Common Controls harmonize differences in wording across the Authority Documents we have mapped, so you can use them to compare Authority Documents or track your compliance status. They are presented in a legal hierarchical framework which allows any organization to easily understand what specific steps must be met in order to meet any compliance requirement.

What is the difference between "Displaying Common Controls containing this term" and "Show only Common Controls in which this term is tagged"?

The default Common Controls displayed are all the Common Controls that contain the term name based on an Elasticsearch engine.

When you select Show only Common Controls in which this term is tagged, only Common Controls that contain the exact term name or any of its other forms will be displayed.

How are terms added to the Compliance Dictionary?

Terms are added to Compliance Dictionary through the UCF’s mapping process. Each time a Citation is mapped, its terms are tagged. New terms tagged in a citation become candidates for inclusion in the Compliance Dictionary. Each time we encounter an Authority Document that in itself is a glossary, or find definitions of terms within an Authority Document, we add them to the ever growing list of new term candidates.

For every new dictionary entry candidate, we first assess the legal level of the Authority Document it is derived from. Terms and definitions in laws and regulations take precedent over those in standards and best practices. This precludes best practice Authority Documents (which aren’t always well written) from attempting to redefine terms that have been previously defined by laws and regulations. If a law, regulation, or court of law defines a term in an Authority Document, we use the definition as written. Period. It is law and that is the highest status for definitions in the UCF’s dictionary. If an international standard defines a term in a formal glossary, we add the definition to the UCF’s dictionary if and only if it is not in conflict with a definition provided by a law, regulation, or court of law.